There is a new phishing tactic that employs chatbots to automate credential theft and increase the legitimacy of phishing sites. Bleeping Computer [1] mentioned only one IoC, a cybersquatting subdomain targeting DHL.
Using TIP, we tried to learn everything possible about the IoC, including its vulnerabilities, connections, and choice of text strings. We then used these details to uncover more potentially suspicious domains. Here are our key findings:
- The IoC shares its IP address with 11 other domains, and the root domain has another DHL-targeted subdomain.
- We discovered 10,000+ cybersquatting domains and subdomains targeting DHL, FedEx, UPS, and Royal Mail that contain text strings used in the IoC.
- More than 500 of these properties have been flagged as malicious.
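
The brand-string search behind the findings above can be approximated on a defender's own DNS or proxy logs. This is an added example, not code from the original research or from TIP; the allowlist of legitimate domains, the whole-token rule for `ups`, and the sample hostnames are assumptions constructed for illustration.

```python
import re

# Brand strings from the findings above. Each maps to the brand's own domain
# (an allowlist assumed for this example) and a whole-token flag: "ups" is a
# common word ending ("startups", "groups"), so it must stand alone as a token.
BRANDS = {
    "dhl": ("dhl.com", False),
    "fedex": ("fedex.com", False),
    "ups": ("ups.com", True),
    "royalmail": ("royalmail.com", False),
}

def brand_hits(hostname):
    """Return the brands a hostname imitates, or [] if none or if it is legitimate."""
    host = hostname.lower().rstrip(".")
    # Hosts under a brand's own domain are not cybersquatting.
    if any(host == d or host.endswith("." + d) for d, _ in BRANDS.values()):
        return []
    labels = host.split(".")
    # Tokens: runs of letters, so "ups-redelivery24" yields {"ups", "redelivery"}.
    tokens = {t for label in labels for t in re.split(r"[^a-z]+", label) if t}
    # Hyphens removed so "royal-mail" still matches "royalmail".
    squashed = [label.replace("-", "") for label in labels]
    hits = []
    for brand, (_, whole_token) in BRANDS.items():
        if whole_token:
            matched = brand in tokens
        else:
            matched = any(brand in s for s in squashed)
        if matched:
            hits.append(brand)
    return hits

def triage(hostnames):
    """Map each suspicious hostname to the brand strings it contains."""
    return {h: hits for h in hostnames if (hits := brand_hits(h))}

# Constructed sample input (reserved example domains), e.g. from DNS or proxy logs.
SAMPLE = [
    "www.fedex.com",
    "dhl-parcel.example.net",
    "fedex.com.example.org",
    "track.royal-mail-fee.example.com",
    "ups-redelivery24.example.net",
    "startups.example.com",
]

if __name__ == "__main__":
    for host, brands in triage(SAMPLE).items():
        print(host, brands)
```

A hit is a lead for enrichment (shared IP addresses, registration data, reputation), not a verdict; internationalized (punycode) lookalikes are outside what this check covers.
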
Download the threat research materials now to access a sample of identified artifacts used to conduct additional enrichment and threat analysis.
[1] https://www.bleepingcomputer.com/news/security/phishing-websites-now-use-chatbots-to-steal-your-credentials/